I have received many questions on how to handle authentication when using BurpCSJ, so here is a short tutorial on managing it properly. If you are looking for how to use this Burp extension, here is a basic tutorial as well.
In this post, we are going to use BurpCSJ against the Altoro bank (a deliberately vulnerable web application), which is available online here: http://demo.testfire.net/
First, start clean (the reasons will be clear at the end of this tutorial):
- Start Burp;
- Start browser and configure proxy settings to work with Burp;
- Browse to target site: http://demo.testfire.net/
- Perform login: user: jsmith - password: Demo1234
- Check the Burp cookie jar (under options/sessions); it should be populated with some cookies.
- Configure BurpCSJ (Crawljax tab): make sure that "Use Manual Proxy" is ticked and pointing to Burp, and that the "Use cookie jar" option is ticked as well.
- Start/Launch BurpCSJ against target sit…